96 matches found
CVE-2026-8026 FlowiseAI Flowise API Response account.service.ts login information disclosure
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...
CVE-2025-34155
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
EUVD-2000-0360
Malware in sbrugna...
EUVD-2017-8887
Malware in sbrugna...
EUVD-2019-15109
Malware in sbrugna...
EUVD-2017-12861
Malware in sbrugna...
EUVD-2019-6568
Malware in sbrugna...
EUVD-2015-8505
Malware in sbrugna...
EUVD-2020-14760
Malware in sbrugna...
EUVD-2025-25749
Malicious code in bioql PyPI...
EUVD-2024-49881
Malicious code in bioql PyPI...
EUVD-2021-9988
Malicious code in bioql PyPI...
CVE-2025-9411
A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The attack can be initiated remotely. The explo...
CVE-2025-54542 Sending Password in GET Request
QuickCMS sends the password and login via a GET request. This allows a local attacker with access to the victim's browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the SelectPageList function in the LoginInforService.go file when handling the isAsc argument. An attacker can execute unauthorized SQL commands by supplying crafted input remotely. Remediation: There is no fixed versio...
CVE-2025-9411
CVE-2025-9411 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the SelectPageList function of modules/system/service/LoginInforService.go, where manipulation of the isAsc argument enables SQL injection. Exploitation is remote and has been publicly disclosed; multiple source...
CVE-2024-9929
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps...
CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...
Microsoft advertisers phished via malicious Google ads
Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft advertisers. These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform...